List:       openbsd-pf
Subject:    Data phase of spamd etc
From:       "Rod.. Whitworth" <listen () witworx ! com>
Date:       2004-11-21 6:34:50
Message-ID: 200411211734.5032115.6 () mail ! witworx ! com

I recently set up a new firewall and decided to implement
spamd/greylisting for a mailserver on my server network.
(There's a LAN of rfc1918 stuff as well but that's not important here)

After doing the config I decided to go look at what the sending MTA
sees when trying to send mail to my server.

So I did telnet mail.example.com 25 (gee it was tough to get <that>
domain 8-)  )
and was a little surprised to see that it looked like I was a spammer
already going by the banner and response lines but I guessed that I was
just getting the greylist treatment when there were no delays.

So all of that worked fine and greylisting is a go.

Next I added a remote machine that doesn't have an MTA to my personal
blacklist and did the telnet thing from there by logging in to it by
ssh.

I immediately saw the difference even though the messages were the
same. The one-character-per-second output of responses had me
chuckling.

So I just acted like some spammer MTA and went on through the HELO and
MAIL FROM: and RCPT TO: steps and was surprised to see that I was
allowed to send data. I expected the 450/550 response after the RCPT.

It did make me wonder whether I want to use spamd in tarpit mode for
the blacklist guys. I don't want to end up with buckets of incoming
traffic if one of the warped minds decides to detect spamd and send
megabytes of payload.

So, is there some limit to what we accept in the DATA phase given that
if we let it start we should expect the sender to not listen to any
response until it has sent the newline-dot-newline at the end?

I know that I can just rewrite my pf.conf to blackhole the blacklist
but I figured an answer from one of the experts may make me happy to
leave it as is.

A clue please.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.




